Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

build(deps): Bump fast-uri from 3.0.6 to 3.1.2

Open
Number: #490
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 86
Created: May 08, 2026 at 09:49 PM UTC
(24 days ago)
Updated: May 26, 2026 at 12:00 PM UTC
(6 days ago)
Labels:
dependencies javascript dependabot-no-alert
Description:

Resolves intercom/intercom#508208.

Bumps fast-uri from 3.0.6 to 3.1.2.

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

Full Changelog: https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1

v3.1.0

What's Changed

... (truncated)

Commits
  • 919dd8e Bumped v3.1.2
  • c65ba57 fixup: linting
  • 6c86c17 Merge commit from fork
  • a95158a Handle malformed fragment decoding without throwing (#171)
  • cea547c Bumped v3.1.1
  • 876ce79 Merge commit from fork
  • dcdf690 ci: add lock-threads workflow (#169)
  • c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
  • 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
  • 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
Package:
fast-uri
Ecosystem:
npm
Version Change:
3.0.6 → 3.1.2
Update Type:
Minor
Security Advisories
fast-uri vulnerable to path traversal via percent-encoded dot segments
GHSA-q3j6-qgpj-74h6 CVE-2026-6321 HIGH
### Impact `fast-uri` v3.1.0 and earlier decodes percent-encoded path separators (`%2F`) and dot segments (`%2E`) before applying dot-segment removal in `normalize()` and `equal()`. This makes enc...
fast-uri vulnerable to host confusion via percent-encoded authority delimiters
GHSA-v39h-62p7-jpjc CVE-2026-6322 HIGH
### Impact `fast-uri` v3.1.1 and earlier decodes percent-encoded authority delimiters (`%40` as `@`, `%3A` as `:`) inside the host component and serializes them back as raw characters. This change...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 15787862
UUID: 4409605369
Node ID: PR_kwDOInwvmM7ZsrMx
Host: GitHub
Repository: intercom/Intercom-OpenAPI